Category Archives: Privacy

Changes to Australian privacy legislation are effective as of 12 March 2014. Many organisations will automatically be required to adopt the 13 APPs (Australian Privacy Principles); other organisations may voluntarily opt in. More information, including the powers of the regulator, is available from the website of the Privacy Commissioner, www.oaic.gov.au.

Is your organisation ready for these changes? Compliance Essentials can assist with compliance with privacy legislation and other compliance needs; contact us at www.complianceessentials.com.au.

Will your business be affected by imminent changes to Privacy legislation? If so, now is the time to take action.

On 12 March 2014, significant changes to Australian privacy law come into effect. These changes will regulate how both private (generally with turnover in excess of $3m) and government organisations collect, store and use data. To find out if these amendments will apply to your organisation check out the OAIC website.

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 amends the Privacy Act 1988 and extends the number of privacy principles to thirteen. Organisations that fall within the scope of the principles (APP entities) must comply with these principles, or risk investigation by the regulator and possible penalties. Notably, Principle 8 puts the onus on applicable entities to ensure the security of trans-border data flows; particular care needs to be taken in relation to the use of cloud computing and overseas network providers. There is still time before the amendment comes into effect to ensure that any overseas provider is aware of your requirement that it have in place measures that will comply with the legislation.

Privacy Principle 1 requires that APP entities have privacy processes and a clearly visible privacy policy. Does your business have these in place? Monitoring internal compliance obligations and behaviours of employees, contractors and agents is part of good risk control measures.

Further, the principles make it mandatory for organisations to give clients the option of anonymity. Good practice for internet trading and other electronic data collection is to include an opt-out clause when gathering client information. Failure to maintain data integrity, or to ensure that information is collected through compliant methods, may present substantial financial and reputational risks.

The obligations of the Act and the Privacy Principles are enforceable by the Australian Information Commissioner (AIC). As part of the legislative amendment, the Commissioner’s regulatory powers have been expanded with powers to investigate perceived breaches. The AIC is empowered to conduct privacy audits of any Australian government body or regulated private organisation; where serious breaches are found, the Commissioner can penalise APP entities up to $1.1 million.

There may be close on six months until the changes to privacy legislation take effect (12 March 2014); nevertheless, all organisations that fall within the scope of the legislation are encouraged to take this window of opportunity to review their operational activities in relation to the upcoming requirements, as well as reviewing and updating their privacy policies and procedures.

The changes bring 13 APPs (privacy principles) that will apply to both government and non-government organisations; in addition, the Information Commissioner (www.oaic.gov.au) will have regulatory powers to investigate and penalise an organisation found to be non-compliant in terms of the legislation.

Some of the mistakes that businesses make when it comes to compliance are very simple, and because of that we are launching a series of posts looking at some of the matters which can be very easily rectified.

Follow our blog to receive our posts hot off the press.

Need to look at the bigger picture? Contact us on 1300 602 880 or via the website for an initial discussion as to how Compliance Essentials can help your business.

So what is the issue with ‘compliance’? Has the word acquired a bad image or does it go deeper?

One of the issues is that the decision makers in some organisations fail to admit that ‘compliance’ is relevant to what they do, whereas in fact every organisation has compliance obligations.

Forget the label and move away from the concept of policing. The issue does not necessarily lie with the concept of compliance; it rests with not acknowledging and accepting that adopting a compliant culture can bring benefits.

Organisations that can’t see the gain unfortunately don’t acknowledge the potential for pain until it happens to them. Consider the analogy of insurance: it isn’t common practice to wait until there has been a theft or a car accident, for example, before thinking about insurance; most of us buy the required policies to protect ourselves and/or our businesses in case bad things happen outside of our control. In a similar way, using best endeavours to proactively implement compliance in an organisational environment is a means of taking control, as well as protecting a business from the risk of serious compliance breaches that could, amongst other outcomes, cause injury, have a financial impact or damage reputation.

Why not take the benefits, which are manifold and will ultimately make a contribution to the bottom line?

By the way, it is calculated to be far more costly to remedy a proven compliance breach than to be in control through the implementation of a compliance plan.